ProvePrivacy Logo | Blue Green

Back to home

Data Sharing

Adequate Countries

Data Sharing | ProvePrivacy | Article Image 51

The European Commission determines whether a country outside the EU offers an adequate level of data protection.

The effect of such a decision is that personal data can flow from the EU to that ‘third country’ without any further safeguards being necessary. Or to put it more simply, transfers to the country will be treated like a transfer within the EU.

Data protection by design and by default should still be applied, but the regulation requires no specific safeguards to protect the international transfer.

The European Commission has so far recognised a number of companies as providing adequate protection. However this list can change regularly and so organisations are advised to check here:

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

Currently, transferring personal data to the United States of America is considered to have adequate protection by the EU, but only if the specific organisation is covered by the Data Protection Framework for the specific service that the data is being transferred to. Therefore additional due diligence should be undertaken when transferring personal data to the USA.  The same cannot be said for the UK where the Data Protection Framework is not yet an accepted safeguard.

You might also like

Scroll to Top

Contact us

If you would like to ask more questions or to arrange training, complete the form below and we will respond shortly.

See our Privacy Statement for more details.

Get expert tips and business insights